From 55d259de67edf6931b9e106b3ad497aaffe98040 Mon Sep 17 00:00:00 2001 From: Marko Souza Date: Tue, 18 Jun 2024 14:51:45 -0300 Subject: [PATCH] Bump Zip4j to avoid CVEs(2018-1002202, 2022-24615, 2023-22899) --- project.clj | 2 +- src/dynamodb_local/core.clj | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/project.clj b/project.clj index 3ab0ae1..e27a9f1 100644 --- a/project.clj +++ b/project.clj @@ -7,6 +7,6 @@ :dependencies [[boot/core "2.6.0" :scope "provided"] [environ "1.0.0"] [medley "1.0.0" :scope "test"] - [net.lingala.zip4j/zip4j "1.3.2"]] + [net.lingala.zip4j/zip4j "2.11.5"]] :deploy-repositories [["releases" {:url "https://clojars.org/repo" :creds :gpg}]]) diff --git a/src/dynamodb_local/core.clj b/src/dynamodb_local/core.clj index 8f06e47..7fa8858 100644 --- a/src/dynamodb_local/core.clj +++ b/src/dynamodb_local/core.clj @@ -5,7 +5,7 @@ (:import [java.io File] [java.nio.file Files Paths LinkOption Path] [java.nio.file.attribute FileAttribute] - [net.lingala.zip4j.core ZipFile])) + [net.lingala.zip4j ZipFile])) (def ^:private download-url "https://s3-us-west-2.amazonaws.com/dynamodb-local/dynamodb_local_latest.zip")